package timing.ukulele.auth.vo;

import io.swagger.v3.oas.annotations.media.Schema;
import lombok.Data;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;

import java.time.LocalDateTime;
import java.util.Set;

@Data
@Schema(description = "OAuth2客户端对象")
public class RegisteredClientSimpleVO {
    @Schema(description = "id，系统生成不可编辑")
    private String id;
    @Schema(description = "clientId，用户自己输入，全局唯一")
    private String clientId;
    @Schema(description = "发布时间", example = "2024-03-02 10:08:00")
    private LocalDateTime clientIdIssuedAt;
    @Schema(description = "密码，后台保存的是BCrypt加密后的内容，维护者需要自己记住密码")
    private String clientSecret;
    @Schema(description = "密码过期时间", example = "2024-03-02 10:08:00")
    private LocalDateTime clientSecretExpiresAt;
    @Schema(description = "名称")
    private String clientName;
    /**
     * @see ClientAuthenticationMethod
     */
    @Schema(description = "验证方法", example = "none", allowableValues = {"client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"})
    private Set<String> clientAuthenticationMethods;
    /**
     * @see AuthorizationGrantType
     */
    @Schema(description = "授权类型", example = "authorization_code", allowableValues = {"authorization_code", "refresh_token", "client_credentials", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:device_code"})
    private Set<String> authorizationGrantTypes;
    @Schema(description = "授权码模式回调地址，oauth2.1已改为精准匹配，不能只设置域名，并且屏蔽了localhost，本机使用127.0.0.1访问", example = "www.timingtech.top")
    private String redirectUris;
    @Schema(description = "退出重定向地址", example = "www.timingtech.top")
    private String postLogoutRedirectUris;
    /**
     * @see OidcScopes
     */
    @Schema(description = "该客户端的授权范围，OPENID与PROFILE是IdToken的scope，获取授权时请求OPENID的scope时认证服务会返回IdToken", examples = {"openid", "profile", "email", "address", "phone"})
    private Set<String> scopes;

    // 设置内容
    @Schema(description = "是否需要授权确认", example = "true")
    private Boolean requireAuthorizationConsent;
    @Schema(description = "accessToken存活时长，单位小时", example = "2")
    private Long accessTokenTimeToLive;
    @Schema(description = "授权码存活时长，单位分钟", example = "5")
    private Long authorizationCodeTimeToLive;
    @Schema(description = "设备码存活时长，单位分钟", example = "5")
    private Long deviceCodeTimeToLive;
    @Schema(description = "refreshToken存活时长，单位天", example = "1")
    private Long refreshTokenTimeToLive;
    @Schema(description = "刷新Access Token后是否重用 Refresh Token", example = "false")
    private Boolean reuseRefreshTokens;
}
